Computing system having an on-the-fly encryptor and an operating method thereof

ABSTRACT

A path for transmitting encrypted data is completely separated from a path for transmitting unencrypted data. To this end, a virtual secure memory is created in an address space. If a central processing unit (CPU) writes data to the virtual secure memory, hardware automatically encrypts the data and stores it in a specific area of a dynamic random access memory (DRAM). When the CPU intends to read data, the hardware automatically decrypts the data read from that specific area of the DRAM and sends it to the CPU.

CROSS-REFERENCE TO RELATED APPLICATIONS

This U.S. non-provisional patent application claims priority under 35 U.S.C. § 119 to Korean Patent Provisional Application No. 10-2016-0066143 filed on May 30, 2016, and Korean Patent Applications No. 10-2016-0093582 filed on Jul. 22, 2016, and No. 10-2016-0144663 filed on Nov. 1, 2016, the disclosures of which are incorporated by reference herein in their entireties.

BACKGROUND

Embodiments of the inventive concept disclosed herein relate to a computing system having an on-the-fly encryptor and an operating method thereof.

A dynamic random access memory (DRAM) is a type of memory that stores each bit of data in a separate capacitor within an integrated circuit. The DRAM is generally used as the main memory of a system, and thus influences the performance of the entire system. To protect the DRAM from having its data probed, a variety of methods have been developed. For example, a central processing unit (CPU) and the DRAM may be manufactured in silicon and attached to each other through a through-silicon via (TSV) on one die. However, this method is quite expensive. In another method, all or a portion of the important data stored in the DRAM may be encrypted. However, if encryption logic is placed between the CPU and the DRAM on the path of every memory access, the speed of the system overall decreases.

SUMMARY

Embodiments of the inventive concept provide a computing system that encrypts DRAM contents at low cost without reducing the performance of the system, and an operating method thereof.

According to an aspect of an exemplary embodiment, there is provided an operating method of a computing system, the method comprising: receiving, at an on-the-fly encryptor, an address for an access to a pseudo secure memory and data from a central processing unit; converting, at the on-the-fly encryptor, the address into a memory address for an access to a main memory; encrypting, at the on-the-fly encryptor, the data based on an encryption algorithm; and storing, at a memory controller, the encrypted data in the main memory at the memory address.

According to an aspect of an exemplary embodiment, there is provided an operating method of an integrated circuit, the method comprising: issuing, at a central processing unit connected to a first layer bus, read transactions to an on-the-fly encryptor through a multi-layer bus connected to the first layer bus; issuing, at the on-the-fly encryptor, corresponding read transactions to memory controllers connected to the first layer bus through the multi-layer bus or a second multi-layer bus; receiving, at the on-the-fly encryptor, data corresponding to the read transactions from the memory controllers through the multi-layer bus; decrypting, at the on-the-fly encryptor, the received data; and transferring, at the on-the-fly encryptor, the decrypted data to the central processing unit through the multi-layer bus and the first layer bus.

According to an aspect of an exemplary embodiment, there is provided an operating method of an integrated circuit, the method comprising: transferring, at a central processing unit connected to a first layer bus, secure data to an on-the-fly encryptor through a second layer bus connected to the first layer bus; encrypting, at the on-the-fly encryptor, the secure data; transferring, at the on-the-fly encryptor, the encrypted data to a first memory controller connected to the first layer bus through the second layer bus or another second layer bus; storing the encrypted data in an encrypted data area of a first memory connected to the first memory controller; transferring, at the central processing unit, non-secure data to a second memory controller connected to the first layer bus; and storing the non-secure data in an unencrypted data area of a second memory connected to the second memory controller, wherein the first memory controller is the same as or different from the second memory controller.

According to an aspect of an exemplary embodiment, there is provided an integrated circuit comprising: a first layer bus; a second layer control bus connected to the first layer bus; a third layer control bus connected to the second layer control bus; a second layer data bus connected to the first layer bus; a third layer data bus connected to the second layer data bus; a central processing unit connected to the first layer bus; at least one memory controller connected to the first layer bus; and an on-the-fly encryptor receiving a write transaction or a read transaction through the second and third layer control buses and performing the function of a pseudo secure memory, wherein the on-the-fly encryptor is configured to: encrypt data transferred from the central processing unit in response to the write transaction during a write operation of the pseudo secure memory and transfer the encrypted data to the at least one memory controller through the second and third layer data buses; or receive encrypted data transferred from the at least one memory controller in response to the read transaction during a read operation of the pseudo secure memory and decrypt the received encrypted data.

According to an aspect of an exemplary embodiment, an operating method of a computing system includes sending, at a central processing unit (CPU), a write request for data to an on-the-fly encryptor; receiving, at the on-the-fly encryptor, the data output from the CPU through a bus; encrypting, at the on-the-fly encryptor, the data in response to the write request; sending the encrypted data to a corresponding memory controller through the bus; and storing the encrypted data in a memory connected to the corresponding memory controller.

According to an aspect of an exemplary embodiment, an operating method of a computing system includes sending, at a CPU, secure data to an on-the-fly encryptor through a bus; encrypting, at the on-the-fly encryptor, the secure data; sending the encrypted data to a first memory controller through the bus; storing the encrypted data in an encrypted data area of a first memory connected to the first memory controller; sending normal data from the CPU to a second memory controller through the bus; and storing the normal data in an unencrypted data area of a second memory connected to the second memory controller.

According to an aspect of an exemplary embodiment, a computing system includes an integrated circuit and a plurality of memories connected to the integrated circuit. The integrated circuit includes a CPU connected to a bus, an on-the-fly encryptor connected to the bus to function as a pseudo secure memory, and a plurality of memory controllers connected to the bus and corresponding to the plurality of memories, respectively. During a write operation of the pseudo secure memory, the on-the-fly encryptor encrypts data by using an encryption algorithm and sends the encrypted data to a corresponding memory controller through the bus. During a read operation of the pseudo secure memory, the on-the-fly encryptor decrypts data read from one of the plurality of memories by using the encryption algorithm and sends the decrypted data to the CPU through the bus.

According to an aspect of an exemplary embodiment, a computing system includes a CPU, an on-the-fly encryptor configured to function as a pseudo secure memory and to encrypt unencrypted data or decrypt encrypted data, and at least one main memory. The CPU accesses the on-the-fly encryptor by using a first address, and the on-the-fly encryptor receives the first address and accesses the at least one main memory by using a second address that is obtained by converting the first address.

According to an aspect of an exemplary embodiment, a system-on-chip includes a system bus, a CPU connected to the system bus, an internal read only memory connected to the system bus, an on-the-fly encryptor connected to the system bus, and at least one memory controller connected to the system bus. The on-the-fly encryptor receives unencrypted data from the CPU through the system bus, encrypts the unencrypted data by using an encryption algorithm, and sends the encrypted data to the at least one memory controller through the system bus. The on-the-fly encryptor also receives encrypted data from the at least one memory controller through the system bus, decrypts the encrypted data by using the encryption algorithm, and sends the decrypted data to the CPU through the system bus.

BRIEF DESCRIPTION OF THE FIGURES

The above and other features of the inventive concept will become apparent from the following description taken in conjunction with the accompanying figures, in which:

FIG. 1 illustrates a computing system according to an exemplary embodiment of the inventive concept;

FIG. 2 illustrates an address space of a computing system according to an exemplary embodiment of the inventive concept;

FIG. 3 illustrates a process in which a computing system according to an exemplary embodiment of the inventive concept writes secure data;

FIG. 4 illustrates a process in which a computing system according to an exemplary embodiment of the inventive concept reads secure data;

FIG. 5 illustrates a process in which an on-the-fly encryptor according to an exemplary embodiment of the inventive concept converts an address;

FIG. 6 illustrates a base address used for address conversion of the on-the-fly encryptor according to an exemplary embodiment of the inventive concept;

FIG. 7 illustrates another process in which an on-the-fly encryptor according to an exemplary embodiment of the inventive concept converts an address;

FIG. 8 illustrates a computing system according to an exemplary embodiment of the inventive concept;

FIG. 9 illustrates a computing system according to an exemplary embodiment of the inventive concept;

FIG. 10 illustrates a system address space of the computing system of FIG. 9 according to an exemplary embodiment of the inventive concept;

FIG. 11 illustrates a process in which the computing system of FIG. 9 writes encrypted data according to an exemplary embodiment of the inventive concept;

FIG. 12 illustrates a process in which the computing system of FIG. 9 reads encrypted data from an encrypted data area according to an exemplary embodiment of the inventive concept;

FIG. 13 illustrates a base address being applied to the computing system of FIG. 9 according to an exemplary embodiment of the inventive concept;

FIG. 14 illustrates address conversion of on-the-fly dynamic random access memory (DRAM) encryption hardware in the computing system of FIG. 9 according to an exemplary embodiment of the inventive concept;

FIG. 15 illustrates a data path of a computing system according to an exemplary embodiment of the inventive concept;

FIG. 16 illustrates a data path of a computing system, to which a scramble function is added, according to an exemplary embodiment of the inventive concept;

FIG. 17 illustrates a write path of normal/secure data in a computing system according to an exemplary embodiment of the inventive concept;

FIG. 18 illustrates a read path of normal/secure data in a computing system according to an exemplary embodiment of the inventive concept;

FIG. 19 illustrates an address allocation method of a computing system according to an exemplary embodiment of the inventive concept;

FIG. 20 illustrates a secure operating system driving method of a computing system according to an exemplary embodiment of the inventive concept;

FIG. 21 illustrates a computing system package according to an exemplary embodiment of the inventive concept;

FIG. 22 illustrates a storage device according to an exemplary embodiment of the inventive concept;

FIG. 23 illustrates a computing system according to an exemplary embodiment of the inventive concept, from the perspective of a master device accessing a slave device;

FIG. 24 illustrates a computing system according to an exemplary embodiment of the inventive concept;

FIG. 25 illustrates a computing system 70 according to another embodiment of the inventive concept;

FIG. 26 illustrates an exemplary embodiment of the on-the-fly encryptor 72 illustrated in FIG. 25;

FIG. 27 illustrates an encryption/decryption process according to an exemplary embodiment of the inventive concept;

FIG. 28 illustrates another embodiment of the on-the-fly encryptor 72 illustrated in FIG. 25;

FIG. 29 illustrates a system-on-chip 800 according to an exemplary embodiment of the inventive concept; and

FIG. 30 illustrates a computing system 90 including an integrated circuit 900 of a multi-layer bus structure, according to an exemplary embodiment of the inventive concept.

DETAILED DESCRIPTION OF THE EMBODIMENTS

FIG. 1 illustrates a computing system according to an exemplary embodiment of the inventive concept. Referring to FIG. 1, a computing system 10 may include an integrated circuit (IC) 100 and a plurality of memories (MEM1, MEM2, MEM3, and MEM4) 210, 220, 230, and 240 connected thereto. For convenience of description, four memories 210 to 240 are illustrated in FIG. 1. However, the number of memories is not limited thereto.

The integrated circuit 100 may include a CPU 110, an on-the-fly encryptor 120, and a plurality of memory controllers (MC1, MC2, MC3, and MC4) 131, 132, 133, and 134. The CPU 110, the on-the-fly encryptor 120, and the memory controllers 131 to 134 are connected in common to a bus 101. In an exemplary embodiment, the integrated circuit 100 may be implemented as a system-on-chip (SoC). It is to be understood that the bus 101 may have a multi-layered bus architecture.

The CPU 110 may control operations of the integrated circuit 100 by running an operating system. The CPU 110 may be implemented to perform arithmetic and logic operations or to perform data processing based on instructions. Although not illustrated in FIG. 1, the CPU 110 may include a program counter, an arithmetic logic unit (ALU), registers, etc.

The on-the-fly encryptor 120 may be implemented to encrypt data transmitted from the CPU 110 through the bus 101 or to decrypt encrypted data transmitted from at least one of the memory controllers 131 to 134 through the bus 101. In an exemplary embodiment, the on-the-fly encryptor 120 may implement an encryption algorithm in hardware.

For example, the encryption algorithm may be the advanced encryption standard (AES), the data encryption standard (DES), triple DES, SEED, HIGHT (high security and light weight), ARIA, the lightweight encryption algorithm (LEA), or the like. In an exemplary embodiment, the encryption algorithm may perform the encryption/decryption operation in a block cipher mode of operation. Here, the block cipher mode may be the electronic code book (ECB) mode, the cipher block chaining (CBC) mode, the counter (CTR) mode, the propagating cipher block chaining (PCBC) mode, the cipher feedback (CFB) mode, or the like. Note that the ECB mode maps equal plaintext blocks to equal ciphertext blocks regardless of where they are stored, so repeated content in the encrypted data area remains visible to anyone probing the DRAM; a mode whose output also depends on the memory address or on a per-block counter does not have this property.

In an exemplary embodiment, the on-the-fly encryptor 120 may be a slave device with respect to the CPU 110.

In an exemplary embodiment, the on-the-fly encryptor 120 may be a master device with respect to the memory controllers 131 to 134.

The on-the-fly encryptor 120 may be recognized by the CPU 110 as a kind of secure memory. An address space that is sufficient to perform the secure memory function may be allocated to the on-the-fly encryptor 120. For this reason, the on-the-fly encryptor 120 may be referred to as a "pseudo secure memory".

The process in which the CPU 110 performs a write operation with respect to the on-the-fly encryptor 120 functioning as the pseudo secure memory is as follows. The CPU 110 may send a data write request to the on-the-fly encryptor 120 through the bus 101 by using an address allocated to the on-the-fly encryptor 120. The on-the-fly encryptor 120 may encrypt the data in response to the write request and may send the encrypted data to a corresponding memory controller through the bus 101. The encrypted data may be stored in an encrypted data area 214 of the corresponding memory. It should be appreciated that the term "on-the-fly" is used because the encrypted data is stored directly in the encrypted data area 214 of a memory without being retained in the on-the-fly encryptor 120.

The process in which the CPU 110 performs a read operation with respect to the on-the-fly encryptor 120 functioning as the pseudo secure memory is as follows. The CPU 110 may send a data read request to the on-the-fly encryptor 120 through the bus 101 by using an address allocated to the on-the-fly encryptor 120. The on-the-fly encryptor 120 may send a memory read request to the corresponding memory controller in response to the read request. The memory controller may read the encrypted data stored in the encrypted data area 214 in response to the memory read request and may send the read encrypted data to the on-the-fly encryptor 120 through the bus 101. The on-the-fly encryptor 120 may decrypt the encrypted data and may send the decrypted data to the CPU 110 through the bus 101.

The CPU 110 may also directly request, through the corresponding memory controllers 131 to 134, a read/write operation on the unencrypted data area 212 of each of the memories 210 to 240 without passing through the on-the-fly encryptor 120.

The memories 210 to 240 may be respectively connected to the memory controllers 131 to 134. In an exemplary embodiment, the memories 210 to 240 and the memory controllers 131 to 134 may be connected by a double data rate (DDR) interface. However, it should be appreciated that the interface connecting the memories 210 to 240 and the memory controllers 131 to 134 is not limited to the DDR interface.

Each of the memories 210 to 240 may be implemented to store data (encrypted data and unencrypted data) that is needed for the operation of the CPU 110. In an exemplary embodiment, each of the memories 210 to 240 may be implemented with a DRAM, a synchronous DRAM (SDRAM), a DDR SDRAM, a low power DDR (LPDDR) SDRAM, a Rambus DRAM (RDRAM), a dual in-line memory module (DIMM), a nonvolatile DIMM (NVDIMM), a phase change random access memory (PRAM), etc.

In an exemplary embodiment, each of the memories 210 to 240 may include an unencrypted data area 212 that stores unencrypted data and an encrypted data area 214 that stores encrypted data. In an exemplary embodiment, the boundaries of the unencrypted data area 212 and the encrypted data area 214 may be fixed. In another embodiment, they may be variable.

In an exemplary embodiment, data may be stored in the memories 210 to 240 in an interleaved manner.

The computing system 10 according to an exemplary embodiment of the inventive concept may minimize the reduction of performance by separating the transmission path of encrypted data between the CPU 110 and a main memory 200 (the memories 210 to 240) from the transmission path of unencrypted data between them.

Also, the computing system 10 according to an exemplary embodiment of the inventive concept may avoid adding latency to the transmission of unencrypted data, because encrypted data is sent through a path that is different from that of the unencrypted data.

In addition, compared to a conventional computing system, the computing system 10 according to an exemplary embodiment of the inventive concept may reduce the chip size by using only one on-the-fly encryptor 120 for data encryption while still supporting the interleaving function.

The computing system 10 according to an exemplary embodiment of the inventive concept may also improve data security by encrypting a portion of the data without influencing the overall performance of the computing system 10.

FIG. 2 illustrates an example of an address space of the computing system 10 according to an exemplary embodiment of the inventive concept. Referring to FIG. 2, a system address space 300 may include a pseudo secure memory (PSM) address space 310 and an interleaved memory address space 320. In an exemplary embodiment, the system address space 300 may be the logical address space viewed from the CPU 110.

The pseudo secure memory address space 310 may include an on-the-fly encryptor area 312. The pseudo secure memory address space 310, which is the address space allocated to the on-the-fly encryptor 120, may be recognized by the CPU 110 as a memory space.

The interleaved memory address space 320 may include an unencrypted data area 322 and an encrypted data area 324. In an exemplary embodiment, the addresses belonging to the interleaved memory address space 320 may be allocated so as to interleave the memories MEM1 to MEM4.

In an exemplary embodiment, the size of the encrypted data area 324 may be determined to correspond to the size of the on-the-fly encryptor area 312. For example, the size of the encrypted data area 324 may be the same as the size of the on-the-fly encryptor area 312.

In an exemplary embodiment, the encrypted data area 324 may be fixed or variable.

FIG. 3 illustrates the process in which the computing system 10 according to an exemplary embodiment of the inventive concept writes data requiring security (hereinafter referred to as "secure data"). Referring to FIGS. 1 to 3, secure data may be written through the following process.

The CPU 110 may provide the on-the-fly encryptor 120 with a write request for writing unencrypted data to the pseudo secure memory. Here, the address provided together with the write request is an address belonging to the on-the-fly encryptor area 312. The on-the-fly encryptor 120 may receive the write request, the address, and the unencrypted data from the CPU 110, may encrypt the unencrypted data by using the encryption algorithm, and may convert the address into an address of the encrypted data area 324. The memory MEM1 (refer to FIG. 1) may store the encrypted data in the corresponding space in response to the write request of the on-the-fly encryptor 120.

FIG. 4 illustrates the process in which the computing system 10 according to an exemplary embodiment of the inventive concept reads secure data. Referring to FIGS. 1 to 4, secure data may be read through the following process.

The CPU 110 may provide the on-the-fly encryptor 120 with a read request for reading unencrypted data from the pseudo secure memory. Here, the address provided together with the read request is an address belonging to the on-the-fly encryptor area 312. The on-the-fly encryptor 120 may receive the read request and the address from the CPU 110 and may convert the address into an address of the encrypted data area 324. For convenience of description, it is assumed that the converted address points into the first memory MEM1 within the encrypted data area 324. The first memory MEM1 may read the encrypted data in response to the read request and may send the read encrypted data to the on-the-fly encryptor 120. The on-the-fly encryptor 120 may receive the encrypted data and may decrypt it by using the encryption algorithm. The decrypted data, that is, the unencrypted data, may then be provided to the CPU 110.

FIG. 5 illustrates an example of the process in which the on-the-fly encryptor 120 according to an exemplary embodiment of the inventive concept converts an address. Referring to FIG. 5, the on-the-fly encryptor 120 may generate an encrypted data address by adding an offset address to an on-the-fly encryptor address. Here, the on-the-fly encryptor address is the address used by the CPU 110 to access the on-the-fly encryptor 120. The encrypted data address is an address belonging to the encrypted data area 324, which is composed of the memories MEM1 to MEM4 illustrated in FIGS. 2 to 5.

In an exemplary embodiment, the offset address may be fixed by the chip maker. In another embodiment, the offset address may be variable by software.

The address conversion operation of the on-the-fly encryptor 120 according to an exemplary embodiment of the inventive concept is not limited to the above description. The on-the-fly encryptor 120 may also convert an address by using a base address concept.

FIG. 6 illustrates the base addresses needed for the address conversion of the on-the-fly encryptor 120 according to an exemplary embodiment of the inventive concept. Referring to FIG. 6, the on-the-fly encryptor area 312 lies between unmapped areas 301, and the start address of the on-the-fly encryptor area 312 is the on-the-fly encryptor base address. Also, the encrypted data area 324 lies between the unencrypted data area 322 and an unmapped area 301, and the start address of the encrypted data area 324 is the encrypted data base address.

FIG. 7 illustrates another example of the process in which the on-the-fly encryptor 120 according to an exemplary embodiment of the inventive concept converts an address. Referring to FIG. 7, the on-the-fly encryptor 120 may generate an encrypted data address by subtracting the on-the-fly encryptor base address from the on-the-fly encryptor address and adding the encrypted data base address to the result. When the offset address of FIG. 5 equals the encrypted data base address minus the on-the-fly encryptor base address, the two conversions yield the same encrypted data address.
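The two address conversions of FIGS. 5 and 7, modelled in Python as an added example (this is not code from the patent). All address values are assumptions chosen for illustration, as is the range check: the text describes only the arithmetic, but an encryptor that forwards any address it is handed would translate an out-of-window access into a write or read somewhere else in the interleaved memory, so a practitioner would bound the input to the on-the-fly encryptor area 312 and reject base-register settings that make areas 312 and 324 overlap.

```python
# Address conversion of the on-the-fly encryptor (FIGS. 5 to 7), modelled in
# Python. Added example, not code from the patent; every address value below
# is an assumption for illustration.

# Assumed layout (FIG. 6): a 16 MiB on-the-fly encryptor area 312 and an
# encrypted data area 324 of the same size, both base addresses programmable.
OTFE_BASE = 0x1000_0000        # on-the-fly encryptor base address
OTFE_SIZE = 0x0100_0000        # size of the on-the-fly encryptor area 312
ENC_BASE = 0x8F00_0000         # encrypted data base address
ENC_SIZE = OTFE_SIZE           # encrypted data area 324 sized to match area 312
OFFSET = ENC_BASE - OTFE_BASE  # the offset address of FIG. 5


class AddressFault(Exception):
    """Raised when an address does not belong to the on-the-fly encryptor area."""


def in_range(addr, base, size):
    return base <= addr < base + size


def convert_by_offset(otfe_addr, offset=OFFSET):
    """FIG. 5: encrypted data address = on-the-fly encryptor address + offset.

    The range check is the added safeguard: without it an address outside
    area 312 would still be translated and forwarded to the memory controllers.
    """
    if not in_range(otfe_addr, OTFE_BASE, OTFE_SIZE):
        raise AddressFault(f"{otfe_addr:#x} is outside the on-the-fly encryptor area")
    return otfe_addr + offset


def convert_by_base(otfe_addr, otfe_base=OTFE_BASE, enc_base=ENC_BASE, size=OTFE_SIZE):
    """FIG. 7: encrypted data address = (otfe_addr - otfe_base) + enc_base."""
    if not in_range(otfe_addr, otfe_base, size):
        raise AddressFault(f"{otfe_addr:#x} is outside the on-the-fly encryptor area")
    return (otfe_addr - otfe_base) + enc_base


def valid_layout(otfe_base, enc_base, size):
    """Accept a pair of base addresses only if the two areas are cache-line
    aligned (64-byte unit, FIG. 10) and do not overlap; with an overlap one CPU
    address would decode both to the encryptor and to the interleaved memory."""
    aligned = otfe_base % 64 == 0 and enc_base % 64 == 0
    separate = otfe_base + size <= enc_base or enc_base + size <= otfe_base
    return aligned and separate


if __name__ == "__main__":
    a = OTFE_BASE + 0x1234
    print(f"{a:#x} -> offset form {convert_by_offset(a):#x}, base form {convert_by_base(a):#x}")
```

Both forms produce the same mapping whenever the offset equals the difference of the two base addresses; the base form is the one that makes software-programmable windows easy to validate, because the size and both bases are explicit inputs to the check.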

Meanwhile, the computing system 10 according to an exemplary embodiment of the inventive concept may further include access control logic that controls accesses to the encrypted data area.

FIG. 8 illustrates a computing system 20 according to another embodiment of the inventive concept. Referring to FIG. 8, compared to the computing system 10 of FIG. 1, the computing system 20 may be implemented with an integrated circuit 100 a that further includes access control logics 141 to 144.

The access control logics 141 to 144 may control accesses of the CPU 110 a to the encrypted data areas 214 of the memories 210 to 240, respectively. For example, each of the access control logics 141 to 144 may be implemented to block an access of the CPU 110 a to the encrypted data area. Each of the access control logics 141 to 144 may be implemented to permit only an access of the on-the-fly encryptor 120 a to the encrypted data area. Without such a filter, a bus master other than the on-the-fly encryptor 120 a could read or overwrite the ciphertext in the encrypted data area 214 by addressing it directly through the memory controllers.

In an exemplary embodiment, each of the access control logics 141 to 144 may be implemented with the TrustZone Address Space Controller (TZASC) of ARM.

The number of access control logics 141 to 144 illustrated in FIG. 8 may be the same as the number of memory controllers 131 a to 134 a respectively connected to the memories 210 to 240. However, the number of access control logics is not limited thereto. The computing system 20 according to an exemplary embodiment of the inventive concept may be implemented so that a plurality of memory controllers are connected to one access control logic.

Meanwhile, in FIG. 8 the access control logics 141 to 144 are arranged in front of the memory controllers 131 a to 134 a. However, embodiments are not limited thereto. Each of the access control logics 141 to 144 may be located inside the corresponding memory controller.

In FIGS. 1 to 8, embodiments are exemplified in which a computing system includes the plurality of memory controllers MC1 to MC4. However, embodiments are not limited thereto. For example, a computing system according to an exemplary embodiment of the inventive concept may be implemented with the memories MEM1 to MEM4 connected to one memory controller.

Meanwhile, a computing system according to an exemplary embodiment of the inventive concept may further include intellectual property blocks (IPs) that perform various functions.

FIG. 9 is a block diagram illustrating a computing system 30 according to an exemplary embodiment of the inventive concept. Referring to FIG. 9, the computing system 30 may include an SOC 100 b and a plurality of DRAMs 210 b, 220 b, 230 b, and 240 b. The SOC 100 b includes a CPU 110 b, on-the-fly DRAM encryption hardware 120 b, DRAM memory controllers 131 b to 134 b, an internal SRAM (iRAM) 141, an internal ROM (iROM) 142, a graphics processing unit (GPU) 143, a multimedia chip 144, a direct memory access (DMA) chip 145, a modem 146, and a global navigation satellite system (GNSS) chip 147.

The CPU 110 b, the on-the-fly DRAM encryption hardware 120 b, the DRAM memory controllers 131 b to 134 b, and the DRAMs 210 b to 240 b, which are connected to a bus 101 b, may be substantially the same as the CPU 110, the on-the-fly encryptor 120, the memory controllers 131 to 134, and the memories 210 to 240 of FIG. 1, and thus a description thereof will not be repeated here.

The SOC 100 b may include IPs for performing various functions, that is, the internal RAM (iRAM) 141, the internal ROM (iROM) 142, the GPU 143, the multimedia chip 144, the DMA chip 145, the modem 146, the GNSS chip 147, etc.

The internal RAM 141 may be implemented to temporarily store data needed for the operation of the CPU 110 b. For example, the internal RAM 141 may be a static random access memory (SRAM). The internal ROM 142 may be implemented to store the operating system/program-related code (instructions) of the CPU 110 b. For example, the internal ROM 142 may be implemented with a nonvolatile memory. The GPU 143 may be a chip dedicated to graphics. The multimedia chip 144 may be a chip dedicated to multimedia data. The DMA chip 145 may be implemented to access the DRAMs 210 b to 240 b directly without passing through the CPU 110 b. The modem 146 may be implemented to perform wired and/or wireless communication with the outside. The GNSS chip 147 may be implemented to determine the position of the computing system 30 based on satellite positioning data. Meanwhile, it should be appreciated that the SOC 100 b according to an exemplary embodiment of the inventive concept may omit at least one of the IPs illustrated in FIG. 9 and may further include at least one IP that is not illustrated in FIG. 9. It should also be appreciated that at least two of the IPs of the SOC 100 b illustrated in FIG. 9 may be implemented in one chip.

FIG. 10 illustrates a system address space of the computing system 30 of FIG. 9. Referring to FIG. 10, a system address space 400 may include an unmapped area 401, an internal ROM address space 402, an internal RAM address space 404, a pseudo secure memory address space 410, and an interleaved DRAM address space 420.

The interleaved DRAM address space 420 may include an encrypted data area 424. Here, the size of the encrypted data area 424 may correspond to the size of the pseudo secure memory address space 410.

As illustrated in FIG. 10, the system address space 400 may include addresses that are respectively allocated to a plurality of IPs. Here, the minimum unit of address allocation may be a cache line. In an exemplary embodiment, the cache line may be 64 bytes. However, exemplary embodiments of the inventive concept are not limited thereto.

FIG. 11 illustrates the process in which the computing system 30 of FIG. 9 writes encrypted data. Referring to FIGS. 9 to 11, the process of writing encrypted data is described below.

The CPU 110 b may issue a data write request for writing data to the pseudo secure memory. In this case, the issued write request and the write data may be provided to the on-the-fly DRAM encryption hardware 120 b through the bus 101 b. Here, the write data is unencrypted data. The on-the-fly DRAM encryption hardware 120 b may receive the unencrypted data (or plain data), may encrypt it by using the encryption algorithm, and may generate a write request and a write address for the corresponding DRAM such that the encrypted data is stored in the encrypted data area 424. Here, the write address is an address indicating the encrypted data area 424. The corresponding DRAM may store the encrypted data in response to the write request and the write address.

FIG. 12 illustrates the process in which the computing system 30 of FIG. 9 reads encrypted data from the encrypted data area 424. Referring to FIGS. 9 to 12, the process of reading encrypted data is described below.

The CPU 110 b may issue a data read request for reading data from the pseudo secure memory. The on-the-fly DRAM encryption hardware 120 b may receive the read request and may generate a read request and a read address for the corresponding DRAM such that the encrypted data is read from the encrypted data area 424. Here, the read address is an address indicating the location in the encrypted data area 424 that stores the encrypted data. The corresponding DRAM may read the encrypted data in response to the read request and the read address and may send the read data to the on-the-fly DRAM encryption hardware 120 b through the bus 101 b. The on-the-fly DRAM encryption hardware 120 b may receive the encrypted data, may decrypt it by using the encryption algorithm, and may send the decrypted data, that is, the unencrypted data, to the CPU 110 b through the bus 101 b.

FIG. 13 illustrates an exemplary embodiment in which a base addressconcept is applied to the computing system 30 of FIG. 9. Referring toFIG. 13, the system address space 400 may include the internal RAMaddress space 404, the pseudo secure memory address space 410, theencrypted data area 424, and any other DRAM area 426.

Encrypted data and unencrypted data may be exchanged between the pseudosecure memory address space 410 and the encrypted data area 424. Thatis, unencrypted data stored in the pseudo secure memory address space410 may be encrypted by the on-the-fly DRAM encryption hardware 120 b,and the encrypted data may be stored in the encrypted data area 424.Also, encrypted data stored in the encrypted data area 424 may bedecrypted by the on-the-fly DRAM encryption hardware 120 b, and thedecrypted data, that is, unencrypted data may be stored in the pseudosecure memory address space 410.

Meanwhile, an address mapping relation between the pseudo secure memoryaddress space 410 and the encrypted data area 424 may be determined byan address conversion operation of the on-the-fly DRAM encryptionhardware 120 b. As illustrated in FIG. 13, a start address of the pseudosecure memory address space 410 is a pseudo secure memory base address,and a start address of the encrypted data area 424 may be an encrypteddata base address. The address conversion operation may be performed byusing the pseudo secure memory base address and the encrypted data baseaddress.

FIG. 14 illustrates address conversion of the on-the-fly DRAM encryption hardware 120 b in the computing system 30 of FIG. 9. Referring to FIGS. 9 to 14, the on-the-fly DRAM encryption hardware 120 b may generate an encrypted data address by adding an encrypted data base address to an address that is obtained by subtracting a pseudo secure memory base address from a pseudo secure memory address. However, the address conversion of the on-the-fly DRAM encryption hardware 120 b is not limited thereto.
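The following reference model is an added example, not code from the patent: it implements the FIG. 14 conversion (encrypted data base + (pseudo secure memory address - pseudo secure memory base)) with the window and alignment checks a practitioner would add, and routes CPU writes and reads over the two separated paths of FIGS. 13 to 15. The base addresses, window size, key and the SHA-256 stand-in for the encryption circuit are all assumptions.

```python
"""Reference model (added example) of the FIG. 14 address conversion and the
two separated data paths (plain path vs. on-the-fly encryptor path)."""
import hashlib

CACHE_LINE = 64              # page: minimum allocation unit is a 64-byte cache unit
PSM_BASE = 0x9000_0000       # pseudo secure memory base address (assumed)
PSM_SIZE = 64 * 1024         # window size == size of the encrypted data area (assumed)
ENC_BASE = 0x8004_0000       # encrypted data base address (assumed)
KEY = b"\x11" * 16           # constructed 128-bit key for the stand-in keystream


def in_pseudo_secure_memory(addr: int) -> bool:
    """True when an address falls inside the pseudo secure memory address space 410."""
    return PSM_BASE <= addr < PSM_BASE + PSM_SIZE


def in_encrypted_data_area(addr: int) -> bool:
    """True when a physical address falls inside the encrypted data area 424."""
    return ENC_BASE <= addr < ENC_BASE + PSM_SIZE


def to_encrypted_data_address(psm_addr: int) -> int:
    """FIG. 14: encrypted data address = ENC_BASE + (psm_addr - PSM_BASE).
    Rejects unaligned addresses and addresses outside the window."""
    if psm_addr % CACHE_LINE:
        raise ValueError(f"address {psm_addr:#x} is not cache-line aligned")
    if not in_pseudo_secure_memory(psm_addr):
        raise ValueError(f"address {psm_addr:#x} is outside the pseudo secure memory")
    return ENC_BASE + (psm_addr - PSM_BASE)


def _keystream(addr: int) -> bytes:
    """Stand-in for the encryption circuit: a per-address 64-byte keystream.
    SHA-256 replaces AES here only to keep the model dependency-free."""
    out = b""
    counter = 0
    while len(out) < CACHE_LINE:
        out += hashlib.sha256(KEY + addr.to_bytes(8, "big") + bytes([counter])).digest()
        counter += 1
    return out[:CACHE_LINE]


class ComputingSystemModel:
    """CPU-visible write/read that take the first (plain) or second (encrypted) path."""

    def __init__(self):
        self.dram = {}       # physical address -> 64-byte line
        self.trace = []      # (path, cpu address, physical address) per request

    def cpu_write(self, addr: int, line: bytes) -> None:
        if len(line) != CACHE_LINE:
            raise ValueError("writes are whole cache lines")
        if in_pseudo_secure_memory(addr):
            # second path: CPU -> on-the-fly encryptor -> memory controller
            phys = to_encrypted_data_address(addr)
            self.dram[phys] = bytes(a ^ b for a, b in zip(line, _keystream(addr)))
            self.trace.append(("encrypt", addr, phys))
            return
        if in_encrypted_data_area(addr):
            # access control logic (FIG. 8): the encrypted data area is reachable
            # only through the on-the-fly encryptor, never over the plain path
            raise PermissionError(f"plain access to encrypted data area at {addr:#x}")
        # first path: CPU -> memory controller, data unmodified
        self.dram[addr] = line
        self.trace.append(("plain", addr, addr))

    def cpu_read(self, addr: int) -> bytes:
        if in_pseudo_secure_memory(addr):
            phys = to_encrypted_data_address(addr)
            self.trace.append(("decrypt", addr, phys))
            return bytes(a ^ b for a, b in zip(self.dram[phys], _keystream(addr)))
        if in_encrypted_data_area(addr):
            raise PermissionError(f"plain access to encrypted data area at {addr:#x}")
        self.trace.append(("plain", addr, addr))
        return self.dram[addr]

    def dram_line(self, phys: int) -> bytes:
        """What a probe on the DRAM side would observe at a physical address."""
        return self.dram[phys]
```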

A computing system according to an exemplary embodiment of the inventiveconcept may be described below from the perspective of a data path.

FIG. 15 illustrates a data path of a computing system 40 according to anexemplary embodiment of the inventive concept. Referring to FIG. 15, thecomputing system 40 may be implemented such that a first path in whichunencrypted data from a CPU 41 is transmitted without modification and asecond path in which unencrypted data is transmitted after beingencrypted are separated from each other.

In the first path, the CPU 41 is a first master, and a memory controller(MC) 44 is a first slave. Under control of the CPU 41, the memorycontroller 44 may store unencrypted data in an unencrypted data area46-2 of a memory 46 or may read unencrypted data from the unencrypteddata area 46-2. In an exemplary embodiment, unencrypted data may beexchanged through a system bus between the CPU 41 and the memorycontroller 44.

In the second path, the CPU 41 may be a first master, an on-the-flyencryptor 42 may be a second slave or a second master, and the memorycontroller 44 may be a third slave. Under control of the CPU 41, theon-the-fly encryptor 42 may encrypt unencrypted data or may decryptencrypted data. Also, under control of the on-the-fly encryptor 42, thememory controller 44 may store encrypted data in an encrypted data area46-4 of the memory 46 or may read encrypted data from the encrypted dataarea 46-4. In an exemplary embodiment, unencrypted data may be exchangedthrough the system bus between the CPU 41 and the on-the-fly encryptor42, or encrypted data may be exchanged through the system bus betweenthe on-the-fly encryptor 42 and the memory controller 44.

Meanwhile, a computing system according to an exemplary embodiment ofthe inventive concept may add a scramble function to a data path.

FIG. 16 illustrates a data path of a computing system 50, to which ascramble function is added, according to an exemplary embodiment of theinventive concept. Referring to FIG. 16, the computing system 50 may beimplemented such that a path in which unencrypted data is scrambled andtransmitted and a path in which encrypted data is transmitted areseparated from each other.

In an exemplary embodiment, unencrypted data may be scrambled byscramble/descramble logic 54-1 of a memory controller (MC) 54. Thescrambled data may be stored in an unencrypted data area 56-2 of amemory (MEM) 56. Also, scrambled data stored in the unencrypted dataarea 56-2 may be descrambled by the scramble/descramble logic 54-1. Thedescrambled data may be output to a CPU as unencrypted data.

Meanwhile, a path of encrypted data may be the same as that of FIG. 15,and thus, a description thereof will not be repeated here.

A computing system according to an exemplary embodiment of the inventiveconcept may be described below from the perspective of a path of normaldata (or “unsecure data”)/secure data including a bus. Here, the normaldata may be data that does not need encryption, and the secure data maybe data that needs encryption.

FIG. 17 illustrates a write path of normal/secure data in a computingsystem according to an exemplary embodiment of the inventive concept.Referring to FIG. 17, a computing system may separate a path for writingnormal data from a path for writing secure data.

First, a write path of the normal data is as follows. Normal data thatis output from a CPU may be sent to a memory controller MC through abus. The memory controller MC may store the normal data in a normal dataarea of a corresponding memory MEM.

Next, a write path of the secure data is as follows. The secure datathat is output from the CPU may be sent to an on-the-fly encryptorthrough the bus. Here, the on-the-fly encryptor may encrypt the securedata by using the encryption algorithm. The encrypted data may be sentto the memory controller MC through the bus. The memory controller MCmay store the encrypted data in an encrypted data area of thecorresponding memory MEM.

FIG. 18 illustrates a read path of normal/secure data in a computingsystem according to an exemplary embodiment of the inventive concept.Referring to FIG. 18, a computing system may separate a path for readingsecure data from a path for reading normal data.

First, a read path of the normal data is as follows. The memorycontroller MC may read normal data stored in a normal data area of amemory MEM in response to a read request for the normal data and maysend the read data to a CPU through a bus. Here, the read request may bereceived from the CPU through the bus.

Next, a read path of the secure data is as follows. An on-the-flyencryptor may transmit a memory read request to the memory controller MCthrough the bus in response to a read request for secure data. Thememory controller MC may read encrypted data stored in an encrypted dataarea of a memory MEM in response to a memory read request and maytransmit the read encrypted data to the on-the-fly encryptor through thebus. The on-the-fly encryptor may decrypt the encrypted data by usingthe encryption algorithm and may transmit the decrypted data, that is,secure data to the CPU through the bus.

FIG. 19 is a flowchart illustrating an address allocation method of acomputing system according to an exemplary embodiment of the inventiveconcept. Referring to FIG. 19, the address allocation method may includean operation of allocating an on-the-fly encryptor address (S110) and anoperation of allocating an encrypted data address corresponding to theon-the-fly encryptor address (S120). Here, the encrypted data addressmay be fixed by a chip maker or may be variable by a chip user.

FIG. 20 is a flowchart illustrating a secure operating system (OS)driving method of a computing system according to an exemplaryembodiment of the inventive concept. The secure OS driving method of thehost will be described with reference to FIG. 20. A secure OS stored inthe internal ROM iROM may be read (S210). The read secure OS may beloaded on an encrypted data area of a main memory MEM by using anon-the-fly encryptor address (S220). A CPU may execute the secure OS ofthe encrypted data area by using the on-the-fly encryptor address(S230).

Meanwhile, a computing system according to an exemplary embodiment ofthe inventive concept may be implemented in the form of a package onpackage (POP).

FIG. 21 illustrates a computing system package according to an exemplaryembodiment of the inventive concept. Referring to FIG. 21, a computingsystem package 1000 may include a SOC 1100 and DRAM chips 1210, 1220,1230, and 1240 sequentially stacked on the SOC 1100. Here, the SOC 1100may be implemented the same as the SOC 100 b illustrated in FIG. 9.Also, the stacked DRAM chips 1210, 1220, 1230, and 1240 may beimplemented the same as the DRAMs 210 b, 220 b, 230 b, and 240 billustrated in FIG. 9.

Meanwhile, the computing system according to an exemplary embodiment ofthe inventive concept may be applicable to a mobile device.

FIG. 22 illustrates a mobile device 2000 according to an exemplaryembodiment of the inventive concept. Referring to FIG. 22, the mobiledevice 2000 may include a processor (AP/ModAP) 2100, a buffer memory2200, a display/touch module 2300, and a storage device 2400.

The processor 2100 may be implemented to control overall operations ofthe mobile device 2000 and wired/wireless communication with theoutside. For example, the processor 2100 may be an application processor(AP), an integrated modem application processor (ModAP), or the like.

The processor 2100 may include a secure chip 2120 and access controllogic 2140.

The secure chip 2120 may be implemented in software and/or with tamper-resistant hardware, may provide a high level of security, and may operate in cooperation with a trusted execution environment (TEE) of the processor 2100.

The secure chip 2120 may include a native operating system (OS), a secure storage device which is an internal data storage unit, an access control block which controls the right to access the secure chip 2120, a firmware update block for updating firmware of the secure chip 2120, and a security function block for performing ownership management, key management, digital signature, encryption/decryption, etc. For example, the secure chip 2120 may be a universal integrated circuit card (UICC) (e.g., USIM, CSIM, and ISIM), a subscriber identity module (SIM) card, an embedded secure element (eSE), a microSD, a sticker, etc.

The access control logic 2140 may be implemented to control an access toan encrypted data area of the buffer memory 2200. The access controllogic 2140 may be implemented to perform the same function as the accesscontrol logics 141 to 144 illustrated in FIG. 8 or may be implementedwith the same configuration as the access control logics 141 to 144illustrated in FIG. 8.

The buffer memory 2200 may be implemented to temporarily store data,which is needed to perform operations of the mobile device 2000. In anexemplary embodiment, the buffer memory 2200 may be implemented with aDRAM, a SDRAM, a magnetoresistive RAM (MRAM), etc. The buffer memory2200 may include an unencrypted data area and an encrypted data area.Here, the encrypted data area may store data that is encrypted by thesecure chip 2120.

The display/touch module 2300 may be implemented to display dataprocessed by the processor 2100 or to receive data from a touch panel.

The storage device 2400 may be implemented to store data of a user. Thestorage device 2400 may be an embedded multimedia card (eMMC), a solidstate drive (SSD), universal flash storage (UFS), etc. The storagedevice 2400 may include at least one nonvolatile memory device.

The nonvolatile memory device may be a NAND flash memory, a vertical NAND flash memory (VNAND), a NOR flash memory, a resistive random access memory (RRAM), a phase change memory (PRAM), an MRAM, a ferroelectric random access memory (FRAM), a spin transfer torque random access memory (STT-RAM), a 3D XPoint memory, etc.

Furthermore, the nonvolatile memory may be implemented to have a three-dimensional (3D) array structure. In an exemplary embodiment of the inventive concept, a 3D memory array is provided. The 3D memory array is monolithically formed in one or more physical levels of arrays of memory cells having an active area disposed above a silicon substrate and circuitry associated with the operation of those memory cells, whether such associated circuitry is above or within such substrate. The circuitry related to the operation of the memory cells may be located in the substrate or on the substrate. The term "monolithic" means that layers of each level of the array are directly deposited on the layers of each underlying level of the array.

In an exemplary embodiment of the inventive concept, the 3D memory arrayincludes vertical NAND strings that are vertically oriented such that atleast one memory cell is located over another memory cell. The at leastone memory cell may comprise a charge trap layer. Each vertical NANDstring may include at least one select transistor located over memorycells. At least one selection transistor may have the same structure asmemory cells, and be monolithically formed together with memory cells.

The three-dimensional memory array is formed of a plurality of levelsand has word lines or bit lines shared among levels. The followingpatent documents, which are hereby incorporated by reference, describesuitable configurations for three-dimensional memory arrays, in whichthe three-dimensional memory array is configured as a plurality oflevels, which is applied by Samsung Electronics Co., with word linesand/or bit lines shared between levels: U.S. Pat. Nos. 7,679,133;8,553,466; 8,654,587; 8,559,235; and US Pat. Pub. No. 2011/0233648. Thenonvolatile memory according to an exemplary embodiment of the inventiveconcept may be applicable to a charge trap flash (CTF) in which aninsulating layer is used as a charge storage layer, as well as a flashmemory device in which a conductive floating gate is used as a chargestorage layer.

The mobile device 2000 according to an exemplary embodiment of theinventive concept may separate a secure data path from a normal datapath, thereby markedly improving a security function while maintainingthe overall performance.

Meanwhile, a computing system according to an exemplary embodiment ofthe inventive concept may be described below from the perspective of anaccess of a master.

FIG. 23 is a drawing for describing a computing system according to anexemplary embodiment of the inventive concept, from the perspective ofan access of a master device to a slave device. Referring to FIG. 23, aCPU 110 is a master with regard to the on-the-fly encryptor 120 and amain memory 200, the on-the-fly encryptor 120 is a slave with regard tothe CPU 110 and a master with regard to the main memory 200, and themain memory 200 is a slave with regard to the on-the-fly encryptor 120.

The CPU 110 may be implemented to access the on-the-fly encryptor 120 byusing a pseudo secure memory address ADDR_PSM. It may look as if asecure data is stored in a pseudo secure memory address (ADDR_PSM)space. Here, the pseudo secure memory address space may correspond to asecure area of the main memory 200.

Also, the CPU 110 may be implemented to access an unencrypted data areaof the main memory 200, that is, an unsecure area by using a normaladdress ADDR.

The on-the-fly encryptor 120 may be implemented to access an encrypteddata area of the main memory 200, that is, a secure area by using a mainmemory address ADDR_MM. Unencrypted data stored in the pseudo securememory address space may be stored in the encrypted data area of themain memory 200 after being encrypted by the on-the-fly encryptor 120.

In FIGS. 1 to 23, the embodiments are exemplified with the on-the-fly encryptor 120, which performs the encryption function, situated outside the CPU 110. However, the embodiments are not limited thereto. The on-the-fly encryptor 120 may be situated in the interior of the CPU 110.

FIG. 24 illustrates a computing system 60 according to anotherembodiment of the inventive concept. Referring to FIG. 24, the computingsystem 60 may include a CPU 61 and a main memory 62. The CPU 61 mayinclude an on-the-fly encryptor 61-2 that encrypts or decrypts data inreal time. The on-the-fly encryptor 61-2 may be designed to be viewed asa pseudo secure memory internally. Data that needs security may beexchanged with the main memory 62 after being encrypted/decrypted by theon-the-fly encryptor 61-2. Normal data may be exchanged normally withthe main memory 62.

In an exemplary embodiment, the on-the-fly encryptor 61-2 may beconnected to the main memory 62 through a dedicated data path. In anexemplary embodiment, the on-the-fly encryptor 61-2 may store data inthe main memory 62 through a memory controller (not illustrated) or mayread data from the main memory 62 through the memory controller.

According to embodiments of the inventive concept, a path for transmitting encrypted data may be completely separated from a path for transmitting unencrypted data. To this end, a virtual secure memory may be created on an address space. If a CPU writes data in the virtual secure memory, hardware may store the data in a specific area of a DRAM after automatically encrypting the data. In the case where the CPU intends to read data, the hardware may send the data to the CPU after automatically decrypting the data read from a specific area of the DRAM. Accordingly, a portion of data may be protected through encryption without affecting the overall performance of the system.

A computing system according to an exemplary embodiment of the inventiveconcept may minimize reduction of performance by separating atransmission path of encrypted data between a CPU and a main memory froma transmission path of unencrypted data therebetween.

Also, the computing system according to an exemplary embodiment of theinventive concept may not cause an additional latency associated withtransmission of unencrypted data by sending encrypted data through apath that is different from that of the unencrypted data.

In addition, compared to a conventional computing system, the computingsystem according to an exemplary embodiment of the inventive concept mayrelatively reduce a chip size by using only one on-the-fly encryptor fordata encryption while supporting an interleaving function.

The computing system according to an exemplary embodiment of theinventive concept may also improve a data-related security function byencrypting a portion of data while not influencing the overallperformance of the computing system.

FIG. 25 illustrates a computing system 70, according to anotherembodiment of the inventive concept. Referring to FIG. 25, the computersystem 70 may include a CPU 71, an on-the-fly encryptor 72, and aplurality of DRAMs 74. The on-the-fly encryptor 72 may be implemented toprocess transactions (encryption/decryption operations) from the CPU 71and/or the DRAMs 74. Here, the transactions may be issued by the CPU 71.In an exemplary embodiment, the transactions may be write transactionsor read transactions. Here, data encryption operations may be performedon the write transactions, and data decryption operations may beperformed on the read transactions.

In an exemplary embodiment, the transactions may be simultaneouslyprocessed by the on-the-fly encryptor 72. In another embodiment, thetransactions may be processed in parallel by the on-the-fly encryptor72.

FIG. 25 shows six transactions, but embodiments of the inventive conceptmay not be limited thereto.

In an exemplary embodiment, the on-the-fly encryptor 72 may receivetransactions from the CPU 71 and may issue transactions for DRAMcorresponding to the DRAMs 74.

In an exemplary embodiment, data input and output to and from the DRAMs74 may be interleaved. In another embodiment, data input and output toand from the DRAMs 74 may not be interleaved.

FIG. 26 illustrates an exemplary embodiment of the on-the-fly encryptor72 illustrated in FIG. 25. Referring to FIG. 26, the on-the-flyencryptor 72 may include an address converter 721, an encryption circuit(AES) 722, a de-multiplexer 723, reorder buffers 724, a multiplexer 725,a counter 726, and an XOR operator 727.

The address converter 721 may be implemented to convert an addressARADDR received from the CPU 71 into a DRAM dedicated addressARADDR_DRAM. Also, the address converter 721 may be implemented togenerate an address sequence by using the address ARADDR included in atransaction. In an exemplary embodiment, the size of the addresssequence may be 64 bits. However, according to embodiments of theinventive concept, the size of the address sequence may not be limitedthereto.

The encryption circuit 722 may be implemented to receive an addresssequence from the address converter 721 and to generate a key streamcorresponding to an address based on an encryption algorithm. In anexemplary embodiment, the encryption algorithm may include an advancedencryption standard (AES) algorithm. However, according to embodimentsof the inventive concept, the encryption algorithm may not be limitedthereto. In an exemplary embodiment, a key value of the key stream mayhave a size of 128 bits. However, according to embodiments of theinventive concept, the size of the key value may not be limited thereto.

The de-multiplexer 723 may be implemented to receive data from the DRAMs 74 and to transfer the received data to the one of the reorder buffers 724 that corresponds to a tag value included in the received data, in response to a read identifier RID. Here, the read identifier RID may be an identification number of the DRAM that transfers the received data. In an exemplary embodiment, the read identifier RID may have a size of 3 bits. However, according to embodiments of the inventive concept, the size of the read identifier RID may not be limited thereto.

Even though data RDATA_ENC is transferred from the DRAMs 74 in an order different from the encryption order, the received data RDATA_ENC may be aligned and transferred to the corresponding reorder buffers 724, based on a selection operation of the de-multiplexer 723. Here, each of the reorder buffers 724 may be connected to the multiplexer 725 so that the buffers can be read out in the encryption order.

The multiplexer 725 may be implemented to select values stored in thereorder buffers 724 in order to be suitable for the encryption order, inresponse to a count value. Here, a count value may be generated by thecounter 726. In an exemplary embodiment, the count value may have a sizeof 3 bits. However, according to embodiments of the inventive concept,the size of the count value may not be limited thereto.

The XOR operator 727 may be implemented to perform a decryptionoperation by performing an XOR operation on a key value from theencryption circuit 722 and an output value of the multiplexer 725.Decrypted data RDATA may be transferred to the CPU 71 as read data.

FIG. 27 illustrates an encryption/decryption process, according to anexemplary embodiment of the inventive concept. Referring to FIG. 27, theencryption circuit 722 may be implemented to receive a 128-bit nonce andaddress and a 128-bit key and to generate a 128-bit key stream based onan encryption algorithm. Here, the nonce and key may be a value that isdetermined in advance.

In an exemplary embodiment, the address may be all or part of thereceived address ARADDR.

The XOR operator 727 may be implemented to generate 128-bit output dataDOUT by performing an XOR operation on a 128-bit key stream from theencryption circuit 722 and 128-bit input data DIN.

Meanwhile, an exemplary embodiment is exemplified as each of pieces ofdata (the nonce and address, the key, the key stream, the input data,and the output data) needed for an operation process in FIG. 27 has asize of 128 bits. However, embodiments of the inventive concept may notbe limited thereto.

Meanwhile, in FIG. 26, the on-the-fly encryptor 72 performs datareordering at a data input stage to set an order of the encryptionoperation. However, embodiments of the inventive concept may not belimited thereto. According to embodiments of the inventive concept, akey stream corresponding to received data may be output to correspond toan order of the encryption operation.

FIG. 28 illustrates another embodiment of the on-the-fly encryptor 72illustrated in FIG. 25. Referring to FIG. 28, an on-the-fly encryptor 72a may include an address converter 721 a, an encryption circuit (AES)722 a, a de-multiplexer 723 a, a counter 724 a, buffers 725 a, amultiplexer 726 a, and an XOR operator 727 a.

The address converter 721 a and the encryption circuit 722 a may beimplemented the same as the address converter 721 and the encryptioncircuit 722 illustrated in FIG. 26.

The de-multiplexer 723 a may be implemented to select the buffers 725 acorresponding to key streams output from the encryption circuit 722 a inresponse to a count value. A key value to be used forencryption/decryption may be stored in the selected one of the buffers725 a. Here, the count value may be generated by the counter 724 a.

The multiplexer 726 a may be implemented to output a key value stored inany one of the buffers 725 a to the XOR operator 727 a in response tothe read identifier RID.

The XOR operator 727 a may be implemented to perform a decryptionoperation by performing an XOR operation on a key value from themultiplexer 726 a and data RDATA_ENC from the DRAMs 74.
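The following reference model is an added example, not code from the patent: it implements the FIG. 27 key stream (a 128-bit block derived from a fixed key and nonce || address, XORed with the data) and then decrypts a read whose beats return from the DRAMs out of order, once by reordering the data as in FIG. 26 and once by reordering the key stream as in FIG. 28. Four interleaved DRAMs with one 16-byte beat each, the DRAM id doubling as the tag, the constructed key and nonce, and SHA-256 standing in for the AES block encryption are assumptions.

```python
"""Reference model (added example) of the FIG. 27 key stream and of the two
read-side reordering strategies of FIG. 26 (reorder data) and FIG. 28 (reorder key)."""
import hashlib

BLOCK = 16                                  # 128-bit data / key stream width (FIG. 27)
NUM_DRAMS = 4                               # interleaved DRAMs, beat i lives on DRAM i (assumed)
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed 128-bit key
NONCE = b"\xa5" * 8                         # constructed; nonce || 64-bit address = 128-bit input


def keystream_block(addr: int) -> bytes:
    """Encryption circuit 722: 128-bit key stream for one address from (key, nonce || address).
    Stand-in: SHA-256 truncated to 16 bytes instead of one AES block encryption.
    Note that the key stream depends only on (key, nonce, address): every write to the
    same address reuses it, which a deployment of this construction has to account for."""
    return hashlib.sha256(KEY + NONCE + addr.to_bytes(8, "big")).digest()[:BLOCK]


def xor_block(a: bytes, b: bytes) -> bytes:
    """XOR operator 727 / 727 a."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_write(addr: int, data: bytes) -> list:
    """Write side: split DIN into 16-byte beats, XOR beat i with the key stream of its own
    address, and hand it to DRAM i. Returns (RID, tag, ciphertext) triples as stored."""
    if len(data) != BLOCK * NUM_DRAMS:
        raise ValueError("one transaction is NUM_DRAMS beats of 16 bytes")
    stored = []
    for i in range(NUM_DRAMS):
        ct = xor_block(data[i * BLOCK:(i + 1) * BLOCK], keystream_block(addr + i * BLOCK))
        stored.append((i, i, ct))           # RID = DRAM id, tag = position in encryption order
    return stored


def decrypt_reorder_data(addr: int, beats) -> bytes:
    """FIG. 26: the de-multiplexer fills reorder buffer[tag] as beats arrive in any order;
    the counter then selects buffers 0..n-1 in encryption order and XORs each with the
    key stream generated for that position."""
    reorder_buffers = [None] * NUM_DRAMS
    for rid, tag, ct in beats:
        reorder_buffers[tag] = ct
    out = b""
    for count in range(NUM_DRAMS):          # counter 726 walks the encryption order
        if reorder_buffers[count] is None:
            raise RuntimeError(f"beat {count} never arrived")
        out += xor_block(reorder_buffers[count], keystream_block(addr + count * BLOCK))
    return out


def decrypt_reorder_keystream(addr: int, beats) -> bytes:
    """FIG. 28: key streams are generated in encryption order into buffer[count]; each
    arriving beat is decrypted at once with buffer[RID], so no data buffering is needed."""
    key_buffers = [keystream_block(addr + count * BLOCK) for count in range(NUM_DRAMS)]
    plain = [None] * NUM_DRAMS
    for rid, tag, ct in beats:
        plain[rid] = xor_block(ct, key_buffers[rid])
    if any(p is None for p in plain):
        raise RuntimeError("incomplete read transaction")
    return b"".join(plain)
```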

Meanwhile, according to an exemplary embodiment of the inventiveconcept, an on-the-fly encryptor may be applied to a system-on-chip(SOC) of a multi-layer bus (or a multi-level bus) structure.

FIG. 29 illustrates a system-on-chip 800, according to an exemplaryembodiment of the inventive concept. Referring to FIG. 29, thesystem-on-chip 800 may include a CPU 810 connected to a first layer bus,that is, a backbone bus 801, at least one DRAM controller 820, a secondlayer control bus 802-1 connected to the first layer bus 801, a secondlayer data bus 802-2 connected to the first layer bus 801, third layercontrol buses 803-1 connected to the second layer control bus 802-1, athird layer data bus 803-2 connected to the second layer data bus 802-2,an on-the-fly encryptor 830 connected to the third layer control bus803-1 and the third layer data bus 803-2, and an internal SRAM 840.

In the exemplary embodiment illustrated in FIG. 29, the control buses 802-1 and 803-1 are formed of two layers. However, it should be understood that the control buses may be formed of three or more layers. Likewise, in the exemplary embodiment illustrated in FIG. 29, the data buses 802-2 and 803-2 are formed of two layers. However, it should be understood that the data buses may be formed of three or more layers.

In an exemplary embodiment, the on-the-fly encryptor 830 may receive atransaction from the CPU 810 through the first layer bus 801, the secondlayer control bus 802-1, and the third layer control bus 803-1. In anexemplary embodiment, the on-the-fly encryptor 830 may transfer atransaction for DRAM corresponding to the received transaction to theDRAM controller 820 through the third layer control bus 803-1, thesecond layer control bus 802-1, and the first layer bus 801. In anotherembodiment, the on-the-fly encryptor 830 may transfer the transactionfor DRAM corresponding to the received transaction to the DRAMcontroller 820 through a layer control bus that is not illustrated inFIG. 29.

In an exemplary embodiment, the on-the-fly encryptor 830 may receivewrite data from the CPU 810 through the first layer bus 801, the secondlayer data bus 802-2, and the third layer data bus 803-2. In anexemplary embodiment, the on-the-fly encryptor 830 may encrypt the writedata and may transfer the encrypted data to the DRAM controller 820through the third layer data bus 803-2, the second layer data bus 802-2,and the first layer bus 801. In another embodiment, the on-the-flyencryptor 830 may transfer the encrypted data to the DRAM controller 820through a layer data bus that is not illustrated in FIG. 29. A data pathfor a read operation may be implemented to be similar to theabove-described data path of the write operation.

As illustrated in FIG. 29, two kinds of data paths may exist between theCPU 810 and at least one DRAM(s) 200 a. The first data path is a path inwhich data are directly exchanged between the CPU 810 and the DRAMcontroller 820 through the first layer bus 801. The second data path isa path that passes through the on-the-fly encryptor 830 between the CPU810 and the DRAM controller 820 through the first layer bus 801, thesecond layer buses 802-1 and 802-2, and the third layer buses 803-1 and803-2.

FIG. 30 illustrates a computing system 90 including an integratedcircuit 900 of a multi-layer bus structure, according to an exemplaryembodiment of the inventive concept. Referring to FIG. 30, the computingsystem 90 may include the integrated circuit 900 and a plurality ofmemory devices 210, 220, 230, and 240.

Compared to the integrated circuit 100 illustrated in FIG. 1, theintegrated circuit 900 includes an on-the-fly encryptor 920 connected toa multi-layer bus 902. The multi-layer bus 902 may be connected to afirst layer bus 901. One multi-layer bus 902 is illustrated in FIG. 30,but the integrated circuit 900 may include two or more multi-layerbuses. A CPU 910 and a plurality of memory controllers 931, 932, 934,and 934 may be connected to the first layer bus 901.

Meanwhile, according to an exemplary embodiment of the inventiveconcept, an on-the-fly encryptor may be applied to implement simply atrusted execution environment in an application processor.

According to an exemplary embodiment of the inventive concept, to minimize reduction in performance, a computing system may be implemented such that a transfer path for data needing encryption and a transfer path for data not needing encryption are completely separated from each other. To this end, a virtual secure memory may be created on an address space. When a CPU writes data in the virtual secure memory, hardware may automatically encrypt the data and may store the encrypted data in a specific area of a DRAM. When the CPU reads data, the hardware may automatically read data from the specific area of the DRAM, may decrypt the read data, and may transfer the decrypted data to the CPU. Accordingly, it may be possible to protect only the data needing encryption without influencing the overall performance of the system.

While the inventive concept has been described with reference toexemplary embodiments, it will be apparent to those skilled in the artthat various changes and modifications may be made without departingfrom the spirit and scope of the inventive concept. Therefore, it shouldbe understood that the above embodiments are not limiting, butillustrative.

What is claimed is:
 1. An operation method of a computing system including a central processing unit (CPU), an on-the-fly encryptor connected to the CPU through a system bus, and a memory controller connected to the CPU through the system bus, the operation method comprising: transmitting, by the CPU, secure data to the on-the-fly encryptor through the system bus; encrypting, by the on-the-fly encryptor, the secure data received through the system bus; storing, by the memory controller, the encrypted data, which is received through the system bus, in an encryption data area of a memory device; transmitting, by the CPU, normal data to the memory controller through the system bus, without passing the on-the-fly encryptor; and storing, by the memory controller, the normal data received through the system bus in a non-encryption data area of the memory device.
 2. The operation method of claim 1, further comprising: reading, by the memory controller, the encrypted data stored in the encryption data area; sending, by the memory controller, the encrypted data to the on-the-fly encryptor through the system bus; decrypting, by the on-the-fly encryptor, the encrypted data to generate the secure data; sending, by the on-the-fly encryptor, the secure data to the CPU through the system bus; reading, by the memory controller, the normal data stored in the non-encryption data area; and sending, by the memory controller, the normal data to the CPU through the system bus, without passing the on-the-fly encryptor.
 3. The operation method of claim 1, further comprising: sending, by the CPU, a secure read request to the on-the-fly encryptor through the system bus; sending, by the on-the-fly encryptor, a memory read request to the memory controller through the system bus, in response to the secure read request; sending, by the memory controller, the encrypted data from the encryption data area of the memory device to the on-the-fly encryptor through the system bus, in response to the memory read request; decrypting, by the on-the-fly encryptor, the encrypted data to generate the secure data; and sending, by the on-the-fly encryptor, the secure data to the CPU through the system bus.
 4. The operation method of claim 3, further comprising: sending, by the CPU, a normal read request to the memory controller through the system bus, without passing the on-the-fly encryptor; and sending, by the memory controller, the normal data from the non-encryption data area of the memory device to the CPU through the system bus, without passing the on-the-fly encryptor.
 5. The operation method of claim 1, further comprising: generating, by the on-the-fly encryptor, an encryption data address by adding an offset address to an address, which is received from the CPU through the system bus, wherein the encryption data address corresponds to the encryption data area.
 6. The operation method of claim 1, further comprising: blocking a direct access of the CPU to the encryption data area without passing the on-the-fly encryptor.
 7. The operation method of claim 1, wherein the computing system further comprises an intellectual property (IP) block connected to the system bus, wherein the operation method further comprises: sending, by the IP block, a secure read request to the on-the-fly encryptor through the system bus; sending, by the on-the-fly encryptor, a memory read request to the memory controller through the system bus, in response to the secure read request; sending, by the memory controller, the encrypted data from the encryption data area of the memory device to the on-the-fly encryptor through the system bus, in response to the memory read request; decrypting, by the on-the-fly encryptor, the encrypted data; and sending, by the on-the-fly encryptor, the decrypted data to the IP block through the system bus.
 8. The operation method of claim 1, wherein the storing, by the memory controller, the normal data received through the system bus in a non-encryption data area of the memory device comprises: scrambling, by the memory controller, the normal data; and storing, by the memory controller, the scrambled normal data in the non-encryption data area.
 9. An operation method of a computing system including a central processing unit (CPU), an on-the-fly encryptor connected to the CPU through a system bus, and a memory controller connected to the CPU through the system bus, the operation method comprising: sending, by the CPU, a secure read request to the on-the-fly encryptor through the system bus; sending, by the on-the-fly encryptor, a memory read request to the memory controller in response to the secure read request; reading, by the memory controller, encrypted data from an encryption data area of a memory device in response to the memory read request; sending, by the memory controller, the encrypted data to the on-the-fly encryptor through the system bus; decrypting, by the on-the-fly encryptor, the encrypted data to generate secure data; sending, by the on-the-fly encryptor, the secure data to the CPU through the system bus; sending, by the CPU, a normal read request to the memory controller without passing the on-the-fly encryptor; reading, by the memory controller, normal data from a non-encryption data area of the memory device in response to the normal read request; and sending, by the memory controller, the normal data to the CPU through the system bus, without passing the on-the-fly encryptor.
 10. The operation method of claim 9, further comprising: blocking a direct access of the CPU to the encryption data area without passing the on-the-fly encryptor.
 11. The operation method of claim 9, wherein the reading, by the memory controller, normal data comprises de-scrambling scrambled data from the non-encryption data area to generate the normal data.
 12. A computing system comprising: a system bus; a central processing unit (CPU) connected to the system bus; an on-the-fly encryptor connected to the system bus; a memory controller connected to the system bus; and a memory device including an encryption data area and a non-encryption data area, wherein when the CPU accesses the encryption data area of the memory device, the CPU is configured to access the on-the-fly encryptor through the system bus; the on-the-fly encryptor is configured to access the memory controller through the system bus in response to the access of the CPU; and the memory controller is configured to access the encryption data area in response to the access of the on-the-fly encryptor; and when the CPU accesses the non-encryption data area of the memory device, the CPU is further configured to directly access the memory controller without passing the on-the-fly encryptor; and the memory controller is further configured to access the non-encryption data area of the memory device in response to the direct access of the CPU.
 13. The computing system of claim 12, further comprising: an access control logic being between the memory controller and the system bus, and configured to block a direct access of the CPU to the encryption data area of the memory device without passing the on-the-fly encryptor.
 14. The computing system of claim 12, wherein the CPU is further configured to access the encryption data area and the non-encryption data area of the memory device based on a system address space, the system address space includes a pseudo secure memory address space and a memory address space, and the memory address space includes a space corresponding to the encryption data area and a space corresponding to the non-encryption data area.
 15. The computing system of claim 14, wherein the CPU is further configured to access the encryption data area of the memory device by using an address of the pseudo secure memory address space, and the CPU is further configured to access the non-encryption data area of the memory device by using an address of the space corresponding to the non-encryption data area.
 16. The computing system of claim 15, wherein the on-the-fly encryptor is further configured to convert the address of the pseudo secure memory address space into an address of the space corresponding to the encryption data area of the memory device by adding an offset address to the address of the pseudo secure memory address space.
 17. The computing system of claim 12, wherein the memory controller comprises a scramble and descramble logic configured to scramble data to be stored in the non-encryption data area of the memory device and descramble data read from the non-encryption data area of the memory device.
 18. The computing system of claim 12, wherein the CPU, the on-the-fly encryptor, and the memory controller are implemented with a system-on-chip (SoC).
 19. The computing system of claim 12, wherein the on-the-fly encryptor is further configured to encrypt data from the CPU and decrypt data from the memory controller.
 20. The computing system of claim 12, wherein the on-the-fly encryptor is a slave device for the CPU, and a master device for the memory controller. 
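The two transfer paths described in the summary paragraph above and recited in the claims (address-window decoding of the pseudo secure memory space, the offset translation of claims 5 and 16, the access control in front of the memory controller of claims 6 and 13, the scrambler of claims 8 and 17, an IP block using the secure path as in claim 7, and the encryptor's slave/master role of claim 20), modelled as a small bus-level simulation. This is an added example, not code from the patent or its assignee: the address map, the HMAC-based toy keystream standing in for a real memory cipher, the constructed sample data and the class names (SystemBus, OnTheFlyEncryptor, MemoryController, Dram) are all assumptions made for the model.

```python
import hashlib
import hmac

# Assumed address map (hypothetical values, not taken from the patent).
DRAM_SIZE = 0x10000                 # 64 KiB of modelled DRAM
ENC_AREA_BASE = 0x8000              # encryption data area = DRAM[0x8000:0x10000]
PSEUDO_SECURE_BASE = 0x100000       # pseudo secure memory window seen by bus masters
PSEUDO_SECURE_SIZE = DRAM_SIZE - ENC_AREA_BASE
OFFSET = ENC_AREA_BASE - PSEUDO_SECURE_BASE   # added by the encryptor (claims 5, 16)
BLOCK = 16


class AccessViolation(Exception):
    """Raised by the access control logic in front of the memory controller."""


def address_keystream(key, addr, n, tag):
    # Toy per-address keystream: HMAC(key, tag || block index)[addr % BLOCK].
    # Stand-in for a real memory cipher (e.g. a tweakable block cipher); assumption.
    out = bytearray()
    for a in range(addr, addr + n):
        blk = hmac.new(key, tag + (a // BLOCK).to_bytes(8, "big"), hashlib.sha256).digest()
        out.append(blk[a % BLOCK])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Dram:
    def __init__(self):
        self.cells = bytearray(DRAM_SIZE)

    def write(self, addr, data):
        self.cells[addr:addr + len(data)] = data

    def read(self, addr, n):
        return bytes(self.cells[addr:addr + n])


class MemoryController:
    """Bus slave. Only the encryptor may touch the encryption data area
    (claims 6, 13); the non-encryption area is scrambled (claims 8, 17)."""

    def __init__(self, dram, scramble_seed):
        self.dram = dram
        self.seed = scramble_seed

    def _check(self, master, addr, n):
        if addr < 0 or addr + n > DRAM_SIZE:
            raise AccessViolation(f"{master}: {addr:#x}+{n} outside DRAM")
        # addr + n > base also catches a transfer that merely straddles the boundary.
        if addr + n > ENC_AREA_BASE and master != "encryptor":
            raise AccessViolation(f"{master}: direct access to encryption data area")

    def _scramble(self, addr, data):
        # Symmetric XOR mask, so the same call descrambles. Real controllers use a
        # cheap LFSR here; the toy helper is reused only to keep the model short.
        return xor_bytes(data, address_keystream(self.seed, addr, len(data), b"scramble"))

    def write(self, master, addr, data):
        self._check(master, addr, len(data))
        # Ciphertext from the encryptor is stored as-is; normal data is scrambled.
        self.dram.write(addr, data if master == "encryptor" else self._scramble(addr, data))

    def read(self, master, addr, n):
        self._check(master, addr, n)
        raw = self.dram.read(addr, n)
        return raw if master == "encryptor" else self._scramble(addr, raw)


class OnTheFlyEncryptor:
    """Slave towards the CPU/IP blocks, master towards the memory controller (claim 20)."""

    def __init__(self, mc, key):
        self.mc = mc
        self.key = key

    def _translate(self, pseudo_addr, n):
        lo, hi = PSEUDO_SECURE_BASE, PSEUDO_SECURE_BASE + PSEUDO_SECURE_SIZE
        if not (lo <= pseudo_addr and pseudo_addr + n <= hi):
            raise AccessViolation(f"{pseudo_addr:#x} outside pseudo secure window")
        return pseudo_addr + OFFSET            # lands inside the encryption data area

    def _xor(self, phys_addr, data):
        return xor_bytes(data, address_keystream(self.key, phys_addr, len(data), b"otf"))

    def secure_write(self, pseudo_addr, data):
        phys = self._translate(pseudo_addr, len(data))
        self.mc.write("encryptor", phys, self._xor(phys, data))

    def secure_read(self, pseudo_addr, n):
        phys = self._translate(pseudo_addr, n)
        return self._xor(phys, self.mc.read("encryptor", phys, n))


class SystemBus:
    """Decodes the system address space: the pseudo secure window selects the
    encryptor as slave, every other address goes straight to the memory controller."""

    def __init__(self, encryptor, mc):
        self.enc, self.mc = encryptor, mc

    def _is_secure(self, addr):
        return PSEUDO_SECURE_BASE <= addr < PSEUDO_SECURE_BASE + PSEUDO_SECURE_SIZE

    def write(self, master, addr, data):
        if self._is_secure(addr):
            self.enc.secure_write(addr, data)   # path 1: CPU -> encryptor -> controller
        else:
            self.mc.write(master, addr, data)   # path 2: CPU -> controller

    def read(self, master, addr, n):
        return self.enc.secure_read(addr, n) if self._is_secure(addr) else self.mc.read(master, addr, n)


def build_system(key=b"\x11" * 32, seed=b"\x22" * 16):
    dram = Dram()
    mc = MemoryController(dram, seed)
    return SystemBus(OnTheFlyEncryptor(mc, key), mc), dram


def demo():
    bus, dram = build_system()
    secret = b"constructed sample key material!"     # constructed sample data
    plain = b"constructed plain buffer"
    bus.write("cpu", PSEUDO_SECURE_BASE + 0x40, secret)
    bus.write("cpu", 0x1000, plain)
    blocked = False
    try:
        bus.read("cpu", ENC_AREA_BASE + 0x40, len(secret))   # bypass attempt, no encryptor
    except AccessViolation:
        blocked = True
    return {
        "secure_roundtrip": bus.read("cpu", PSEUDO_SECURE_BASE + 0x40, len(secret)) == secret,
        "dram_holds_ciphertext": dram.read(ENC_AREA_BASE + 0x40, len(secret)) != secret,
        "normal_roundtrip": bus.read("cpu", 0x1000, len(plain)) == plain,
        "dram_holds_scrambled": dram.read(0x1000, len(plain)) != plain,
        "direct_access_blocked": blocked,
        "ip_block_reads_secure": bus.read("dma_ip", PSEUDO_SECURE_BASE + 0x40, len(secret)) == secret,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Two points the model makes visible that the claims only imply. The access check compares the end of the transfer (addr + n) against the area base, so a burst that starts in the non-encryption area but runs into the encryption data area is refused as a whole rather than partially written. And because the per-address keystream is deterministic, two writes of different plaintexts to the same pseudo secure address leave ciphertexts whose XOR equals the XOR of the plaintexts; a production on-the-fly encryptor uses a proper tweakable block cipher, which removes that leakage for whole blocks but is still deterministic per address, so an attacker probing the DRAM can detect when a block's contents change. The scrambler on the normal path is obfuscation against casual probing and should not be treated as confidentiality.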